Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-6427

Опубликовано: 24 июн. 2025
Источник: redhat
CVSS3: 6.1
EPSS Низкий

Описание

An attacker was able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird < 140.

A flaw was found in Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker is able to bypass the connect-src directive of a Content Security Policy by manipulating subdocuments. This also hides the connections from the Network tab in Devtools.

Отчет

Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 10firefoxNot affected
Red Hat Enterprise Linux 10rhel10/firefox-flatpakNot affected
Red Hat Enterprise Linux 6firefoxNot affected
Red Hat Enterprise Linux 7firefoxNot affected
Red Hat Enterprise Linux 8firefoxNot affected
Red Hat Enterprise Linux 9firefoxNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=2374565firefox: connect-src Content Security Policy restriction could be bypassed

EPSS

Процентиль: 16%
0.00052
Низкий

6.1 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-6427

CVSS3: 9.1
ubuntu
около 1 месяца назад

An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird < 140.

nvd логотип

CVE-2025-6427

CVSS3: 9.1
nvd
около 1 месяца назад

An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140 and Thunderbird < 140.

debian логотип

CVE-2025-6427

CVSS3: 9.1
debian
около 1 месяца назад

An attacker was able to bypass the `connect-src` directive of a Conten ...

github логотип

GHSA-823q-pcrj-c4xv

CVSS3: 9.1
github
около 1 месяца назад

An attacker was able to bypass the `connect-src` directive of a Content Security Policy by manipulating subdocuments. This would have also hidden the connections from the Network tab in Devtools. This vulnerability affects Firefox < 140.

fstec логотип

BDU:2025-07652

CVSS3: 9.1
fstec
около 1 месяца назад

Уязвимость механизма Content Security Policy (CSP) браузера Mozilla Firefox, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 16%
0.00052
Низкий

6.1 Medium

CVSS3